ABSTRACT



An apparatus and method for providing a secure firewall
between a private network and a public network are
disclosed. The apparatus is a gateway station having an
operating system that is modified to disable communications
packet forwarding, and further modified to process any
communications packet having a network encapsulation
address which matches the device address of the gateway
station. The method includes enabling the gateway station to
transparently initiate a first communications session with a
client on a first network requesting a network service from
a host on a second network, and a second independent
communications session with the network host to which the
client request was addressed. The data portion of
communications packets from the first session are passed to the
second session, and vice versa, by application level proxies
which are passed the communications packets by the
modified operating system. Data sensitivity screening is
preferably performed on the data to ensure security. Only
communications enabled by a security administrator are
permitted. The advantage is a transparent firewall with
application level security and data screening capability.
Gopher session. To enable transparent mode using the Telnet
program, a Telnet session is started with gateway station 14
as follows:

your-host % telnet gatewaystation.company.com
Trying 198.53.64.2
Connected to gatewaystation.company.com
Escape character is '^]'.
gatewaystation proxy-telnet ready:
Username: You
Password: xxxxxxx
Login Accepted
proxy-telnet>enable
proxy-telnet>quit
Disconnecting . . .
Connection closed by foreign host.
your-host %

A user may also authenticate and enable transparent mode
using the FTP program as follows:

your-host % FTP gatewaystation.company.com
Connected to gatewaystation.company.com
220 gatewaystation proxy-FTP ready: 
Name (gatewaystation.company.com:you): You 
331 Enter authentication password for you 
Password: xxxxxxx 
230 User authentication to proxy 
ftp>quote enable 
Transparent mode enabled 
ftp>quit 
your-host% 

In the preferred embodiment of the invention, a proprietary
Gopher proxy is enabled to automatically initiate
transparent mode after the user has successfully
authenticated to the gateway station 14 by entering a valid user
identification and password, whenever a Gopher session is
requested and user authentication is required. This user
authentication capability is a novel feature for a Gopher
proxy. The proprietary source code for the novel Gopher
proxy is appended hereto as Appendix C.

The modes for implementing transparent mode are, of
course, arbitrary and may be redesigned or reassigned to
other programs or proxies as those skilled in the art deem
appropriate. Once the transparent mode is enabled, an
authentication directory is updated by creating a file entry
for the source IP address 32. The authentication files include
a creation time variable which is automatically set to the
system time when the file is created. This creation time
variable is used to track the time of authentication. The files
also include a last modification time variable which is
automatically updated by the system each time the file is
modified. By rewriting the authentication file each time a
user initiates a new communications session through the
gateway station 14 the time of last use of the gateway station
can be tracked. This authentication directory is inspected
periodically and user files are deleted from the
authentication directory based on any number of predetermined
criteria. In accordance with the preferred embodiment, the
user file is deleted from the authentication directory if the
user has not initiated a communications session through the
gateway station for a period of time predefined by the systems
administrator. In addition, the user file may be deleted from
the authentication directory at a predetermined time of day
defined by the system administrator. It is therefore possible
to have the authentication of all users of the gateway station
14 revoked at a specified time of day, such as the end of the
business day. This further fortifies the security of the
gateway.
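
The authentication directory described above, sketched in Python as an added example (not the code of the patent or its appendices). The class and method names, the UTC cut-off, keeping the authentication time in the file body (Linux exposes no portable file creation time), and re-checking expiry at lookup as well as in the periodic sweep are assumptions of this sketch; the addresses and times are constructed.

```python
import ipaddress
import os
import tempfile
import time

DAY = 86400


class AuthDirectory:
    """One file per authenticated source IP address (hypothetical layout)."""

    def __init__(self, path, idle_timeout, revoke_at=None):
        self.path = path
        self.idle_timeout = idle_timeout  # seconds allowed between sessions
        self.revoke_at = revoke_at        # daily cut-off, seconds after 00:00 UTC
        os.makedirs(path, mode=0o700, exist_ok=True)

    def _file(self, source_ip):
        # Parsing rejects anything that is not an address, so the file name
        # can never contain "/" and escape the directory.
        return os.path.join(self.path, str(ipaddress.ip_address(source_ip)))

    def _write(self, path, auth_time, now):
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write(repr(auth_time))
        os.utime(path, (now, now))  # pin mtime so the demo is deterministic

    def _expired(self, auth_time, last_use, now):
        if now - last_use > self.idle_timeout:
            return True  # no session within the administrator's idle period
        if self.revoke_at is not None:
            # Most recent daily revocation instant at or before `now`.
            cutoff = (now - self.revoke_at) // DAY * DAY + self.revoke_at
            return auth_time < cutoff
        return False

    def enable(self, source_ip, now=None):
        """Called after a successful login and 'enable' at a proxy."""
        now = time.time() if now is None else now
        self._write(self._file(source_ip), now, now)

    def new_session(self, source_ip, now=None):
        """True if the source may pass transparently; records the use."""
        now = time.time() if now is None else now
        try:
            path = self._file(source_ip)
            with open(path) as fh:
                auth_time = float(fh.read())
            last_use = os.stat(path).st_mtime
        except (OSError, ValueError):
            return False  # no file, unreadable file, or not an IP address
        if self._expired(auth_time, last_use, now):
            return False  # stale entry; the next sweep deletes it
        self._write(path, auth_time, now)  # rewrite => mtime = time of last use
        return True

    def sweep(self, now=None):
        """Periodic inspection: delete expired files, return their names."""
        now = time.time() if now is None else now
        removed = []
        for name in sorted(os.listdir(self.path)):
            path = os.path.join(self.path, name)
            try:
                with open(path) as fh:
                    auth_time = float(fh.read())
                expired = self._expired(auth_time, os.stat(path).st_mtime, now)
            except (OSError, ValueError):
                expired = True  # fail closed on a corrupt entry
            if expired:
                os.remove(path)
                removed.append(name)
        return removed


def demo():
    midnight = 1_699_920_000  # constructed: an exact 00:00 UTC instant

    def at(hour, minute=0):
        return midnight + hour * 3600 + minute * 60

    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        d = AuthDirectory(os.path.join(tmp, "auth"), idle_timeout=1800,
                          revoke_at=17 * 3600)
        d.enable("192.0.2.10", now=at(9))   # keeps opening sessions
        d.enable("192.0.2.20", now=at(9))   # goes idle
        out["active_0920"] = d.new_session("192.0.2.10", now=at(9, 20))
        out["swept_0940"] = d.sweep(now=at(9, 40))
        out["idle_0941"] = d.new_session("192.0.2.20", now=at(9, 41))
        out["not_an_ip"] = d.new_session("../192.0.2.10", now=at(9, 41))
        d.enable("192.0.2.30", now=at(16, 50))  # authenticated before 17:00
        out["after_cutoff"] = d.new_session("192.0.2.30", now=at(17, 1))
        out["swept_1701"] = d.sweep(now=at(17, 1))
    return out


if __name__ == "__main__":
    print(demo())
```
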

It is apparent that a novel and particularly invulnerable 
gateway has been invented. The gateway is efficient as well 
as secure. It will be readily apparent to those skilled in the 
art that modification may be made to the preferred embodi- 
ment described above without departing from the scope of 
the invention as expressed in the appended claims. 

I claim: 

1. A method of providing a secure gateway between a 
private network and a potentially hostile network, compris- 
ing the steps of: 

(a) addressing communications packets directly to a host 
on the potentially hostile network as if there were a 
communications path to the host, but encapsulating the
packets with a hardware destination address that 
matches a device address of the gateway; 

(b) accepting at the gateway communications packets 
from either network that are encapsulated with a hard- 
ware destination address which matches the device 
address of the gateway; 

(c) determining at the gateway whether there is a process
bound to a destination port number of an accepted 
communications packet; 

(d) establishing transparently at the gateway a first com- 
munications session with a source address/source port 
of the accepted communications packet if there is a 
process bound to the destination port number, else 
dropping the packet; 

(e) establishing transparently at the gateway a second
communications session with a destination address/ 
destination port of the accepted communications packet 
if a first communications session is established; and 

(f) transparently moving data associated with each sub- 
sequent communications packet between the respective 
first and second communications sessions, whereby the 
first session communicates with the source and the 
second session communicates with the destination 
using the data moved between the first and second 
sessions. 

2. A method of providing a secure gateway between a 
private network and a potentially hostile network as claimed 
in claim 1 wherein the step of determining involves check- 
ing to determine if a process is bound to the destination port 
number, and passing the packet to a generic process if a 
process is not bound to the destination port number, the 
generic process acting to establish the first and second 
communications sessions and to move the data between the 
first and second communications sessions. 

3. A method of providing a secure gateway between a 
private network and a potentially hostile network as claimed 
in claim 1 wherein the method further involves the steps of: 

a) checking a rule base to determine if the source address 
requires authentication; and 

b) authenticating the source by requesting a user identi- 
fication and a password and referencing a database to 
determine if the user identification and password are 
valid. 

4. A method of providing a secure gateway between a 
private network and a potentially hostile network as claimed 
in claim 1 wherein the method further involves the steps of: 

a) referencing a rule base after the first communications 
session is established to determine whether the source 
address is permitted access to the destination address 
for a requested type of service; and 
b) cancelling the first communications session if the rule
base does not include a rule to permit the source 
address to access the destination address for the 
requested type of service. 

5. A method of providing a secure gateway between a
private network and a potentially hostile network as claimed
in claim 3, wherein the method further involves the steps of:

a) creating a user authentication file which contains the 
source address of the authenticated user in a user 
authentication directory; and

b) referring to the authentication file to determine if a 
source address has been authenticated each time a new 
communications session is initiated so that the gateway 
is completely transparent to an authenticated source. 

6. A method of providing a secure gateway between a
private network and a potentially hostile network as claimed
in claim 5 wherein the user authentication file includes a
creation time variable which is set to a system time value 
when the user is authenticated. 

7. A method of providing a secure gateway between a
private network and a potentially hostile network as claimed
in claim 6 wherein the method further involves the steps of:

a) updating a modification time variable of the
authentication file each time the user initiates a new
communications session through the gateway station.

8. A method of providing a secure gateway between a 
private network and a potentially hostile network as claimed 
in claim 7 wherein the method further involves the steps of: 

a) periodically checking each user authentication file to 
determine whether one of a first difference between the
authentication time variable and the system time and a 
second difference between the modification time vari- 
able and the system time has exceeded a predefined 
threshold; and 

b) deleting the user file from the user authentication
directory if the threshold has been exceeded by each of 
the first and second differences. 

9. A method for providing a secure gateway between a
private network and potentially hostile network as claimed
in claim 1 wherein the method further involves the steps of:

a) performing a data sensitivity check on the data
associated with each packet as a step in the process of
moving the data between the respective first and second
communications sessions.

10. A method of providing a secure gateway between a
private network and a potentially hostile network, compris- 
ing the steps of: 

(a) addressing communications packets directly to a host 
on the potentially hostile network as if there were a 
communications path to host, but encapsulating the
packets with a hardware destination address that 
matches a device address of the gateway; 

(b) accepting from either network all TCP/IP packets that 
are encapsulated with a hardware destination address 
which matches the device address of the gateway;

(c) determining whether there is a proxy process bound to 
a port for serving a destination port number of an 
accepted TCP/IP packet; 

(d) establishing a first communications session with a
source address/source port number of the accepted 
TCP/IP packet if there is proxy process bound to the 
port for serving the destination port number, else drop- 
ping the packet; 

(e) determining if the source address/source port number
of the accepted packet is permitted to communicate 
with a destination address/destination port number of 
the accepted packet by referencing a rule base, and
dropping the packet if a permission rule cannot be 
located; 

(f) establishing a second communications session with the
destination address/destination port number of the 
accepted TCP/IP packet if a first communications ses- 
sion is established and the permission rule is located; 
and 

(g) transparently moving data associated with each sub- 
sequent TCP/IP packet between the respective first and 
second communications sessions, whereby the first 
session communicates with the source and the second 
session communicates with the destination using the 
data moved between the first and second sessions. 

11. A method of providing a secure gateway between a 
private network and a potentially hostile network as claimed 
in claim 10 wherein the step of determining involves check- 
ing a table to determine if a custom proxy process is bound 
to the destination port number, and passing the packet to a 
generic proxy process if a custom proxy process is not bound 
to the destination port number, the generic proxy process 
being executed to establish the first and second communi- 
cations sessions and to move the data between the first and 
second communications sessions. 

12. A method of providing a secure gateway between a 
private network and a potentially hostile network as claimed 
in claim 10 wherein the step of establishing a first commu- 
nications session with a source address/source port number 
further involves the steps of: 

a) checking a rule base to determine if the source requires 
authentication; 

b) checking an authentication directory to determine if an 
authentication file exists for the source in an instance 
where the source requires authentication; and 

c) if the source requires authentication and an authenti- 
cation file for the source cannot be located, authenti- 
cating the source by requesting a user identification and 
a password and referencing a user identification data- 
base to determine if the user identification and pass- 
word are valid. 

13. A method of providing a secure gateway between a 
private network and a potentially hostile network as claimed 
in claim 12 wherein the method further involves the steps of: 

a) referencing a rule base as a first step after the first 
communications session is established to determine 
whether the user identification/password at the source 
address is permitted to communicate with the destina- 
tion address for a requested service; and 

b) cancelling the first communications session if the rule 
base does not include a rule to permit the user identi- 
fication/password at the source address to communicate 
with the destination address for the requested type of 
service. 

14. A method of providing a secure gateway between a 
private network and a potentially hostile network as claimed 
in claim 12, wherein the method further involves the steps 
of: 

a) creating a user authentication file which contains the 
source address of the authenticated user in a user 
authentication directory; and 

b) referring to the authentication file to determine if a 
source address has been authenticated each time a new 
communications session is initiated so that the gateway 
is completely transparent to an authenticated source 
having an authentication file in the authentication direc- 
tory. 

15. A method of providing a secure gateway between a 
private network and a potentially hostile network as claimed 
in claim 14 wherein a file creation time variable which is
automatically set by an operating system of the gateway
station to a system time value when a file is created, is used
to monitor a time when the user is authenticated.

16. A method of providing a secure gateway between a 
private network and a potentially hostile network as claimed 
in claim 14 wherein the method further involves the steps of: 

a) rewriting the user authentication file each time the user 
initiates a new communications session through the 
gateway station so that a modification time variable in 
the authentication file is automatically updated by the
operating system of the secure gateway. 

17. A method of providing a secure gateway between a 
private network and a potentially hostile network as claimed 
in claim 16 wherein the method further involves the steps of: 

a) periodically checking each user authentication file to
determine whether one of a first difference between the 
authentication time variable and the system time and a 
second difference between the modification time vari- 
able and the system time has exceeded a predefined 
threshold; and

b) deleting the user file from the user authentication 
directory if the threshold has been exceeded by both of 
the first and second differences. 

18. A method for providing a secure gateway between a 
private network and potentially hostile network as claimed
in claim 10 wherein the method further involves the steps of: 

a) performing a data sensitivity check on the data portion 
of each packet as a step in the process of moving the 
data between the respective first and second commu- 
nications sessions, whereby the TCP/IP packet is 
passed by a modified kernel of an operating system of 
the secure gateway to the proxy process which extracts 
the data from the packet and passes the data from a one 
of the first and second communications sessions to a 
proxy process which operates at an application layer of 
the gateway station and the proxy process executes data 
screening algorithms to screen the data for elements 
that could represent a potential security breach before 
the data is passed to the other of the first and second 
communications sessions. 

19. Apparatus for providing a secure gateway for data 
exchanges between a private network and a potentially 
hostile network, comprising in combination: 

a gateway station adapted for connection to a
telecommunications connection with each of the private
network and the potentially hostile network;

an operating system executable by the gateway station, a 
kernel of the operating system having been modified so 
that the operating system:

a) cannot forward any communications packet from the 
private network to the potentially hostile network or 
from the potentially hostile network to the private 
network; and 

b) will accept for processing any communications
packet from either of the private network and the
potentially hostile network provided that the packet
is encapsulated with a hardware destination address
that matches the device address of the gateway
station on the respective network; and

at least one proxy process executable by the gateway
station, the at least one proxy process being adapted to
transparently initiate a first communications session
with a source of an initial data packet accepted by the
operating system and to transparently initiate a second
communications session with a destination of the
packet without intervention by the source, and to
transparently pass the data portion of packets received by
the first communications session to the second
communications session and to pass the data portion of
packets received by the second communications session
to the first communications session, whereby the
first session communicates with the source using data
from the second session and the second session
communicates with the destination using data received from
the first session.

20. Apparatus for providing a secure gateway for data 
exchanges between a private network and a potentially 
hostile network as claimed in claim 19 wherein the operating 
system is a Unix operating system. 

21. Apparatus for providing a secure gateway for data 
exchanges between a private network and a potentially 
hostile network as claimed in claim 19 wherein the at least 
one proxy process includes modified public domain proxy 
processes for servicing Telnet, FTP, and UDP communica- 
tions. 

22. Apparatus for providing a secure gateway for data 
exchanges between a private network and a potentially 
hostile network as claimed in claim 19 wherein the at least 
one proxy process is a generic proxy process capable of 
servicing any network service which may be communicated 
within TCP/IP protocol, on any one of the 64K TCP/IP 
communications ports. 

23. Apparatus for providing a secure gateway for data 
exchanges between a private network and a potentially 
hostile network as claimed in claim 22 wherein the kernel is 
modified so that it will pass to the generic proxy process any 
communications packet having a destination port number 
that indicates a port to which no custom proxy process is 
bound, if the generic proxy process is bound to a predefined 
communications port when the communications packet is 
received by the kernel. 

24. Apparatus for providing a secure gateway for data 
exchanges between a private network and a potentially 
hostile network as claimed in claim 20 wherein the gateway 
station is a Unix station. 

25. Apparatus for providing a secure gateway for data 
exchanges between a private network and a potentially 
hostile network as claimed in claim 19 wherein the appara- 
tus further includes programs for providing a security 
administrator with an interface to permit the security admin- 
istrator to build a rule base for controlling communications 
through the gateway station. 

26. Apparatus for providing a secure gateway for data 
exchanges between a private network and a potentially 
hostile network as claimed in claim 19 wherein the at least 
one proxy process includes domain proxy processes for 
servicing Gopher and TCP communications. 

27. Apparatus for providing a secure gateway for data 
exchanges between a private network and a potentially 
hostile network as claimed in claim 19 wherein the Gopher 
proxy process is enabled to authenticate users whenever a 
Gopher session is initiated and user authentication is 
required. 

28. Apparatus for providing a secure gateway for data 
exchanges between a private network and a potentially 
hostile network as claimed in claim 22 wherein the generic 
proxy process capable of servicing any network service 
which may be communicated within TCP/IP protocol, on 
any one of the 64K TCP/IP communications ports is a TCP 
proxy process. 

29. A computer system for providing a secure gateway 
between a private network and a potentially hostile network, 
comprising: 

a) means for accepting from either network all commu- 
nications packets that are encapsulated with a hardware 
destination address which matches the device address 
of the gateway; 
b) means for determining whether there is a process
bound to a destination port number of an accepted 
communications packet; 

c) means for establishing a first communications session 
with a source address/source port of the accepted
communications packet if there is a process bound to 
the destination port number, else dropping the packet; 

d) means for transparently establishing, without interven- 
tion from the source, a second communications session 
with a destination address/destination port of the
accepted communications packet if a first communica- 
tions session is established; and 

e) means for transparently moving data associated with 
each subsequent communications packet between the
respective first and second communications sessions, 
whereby the first session communicates with the source 
and the second session communicates with the desti- 
nation using the data moved between the first and 
second sessions.

30. A computer system providing a secure gateway 
between a private network and a potentially hostile network 
as claimed in claim 29 wherein the means for determining
checks to determine if a process is bound to the destination 
port number, and passes the packet to a generic process if a 
process is not bound to the destination port number, the
generic process acting to establish the first and second 
communications sessions and to move the data between the 
first and second communications sessions. 

31. A computer system for providing a secure gateway 
between a private network and a potentially hostile network
as claimed in claim 29 wherein the system further includes: 

a) means for checking a rule base to determine if the 
source address requires authentication; and 

b) means for authenticating the source by requesting a 
user identification and a password and referencing a
database to determine if the user identification and 
password are valid. 

32. A computer system for providing a secure gateway
between a private network and a potentially hostile network
as claimed in claim 29 wherein the system further includes:

a) means for referencing a rule base after the first com- 
munications session is established to determine 
whether the source address is permitted to access the 
destination address for a requested type of service; and 

b) means for cancelling the first communications session 
if the rule base does not include a rule to permit the 
source address to access the destination address for the 
requested type of service. 

33. A computer system for providing a secure gateway 
between a private network and a potentially hostile network 
as claimed in claim 32, wherein the system further includes: 

a) means for creating a user authentication file which
contains the source address of the authenticated user in
a user authentication directory; and

b) means for referring to the authentication file to deter- 
mine if a source address has been authenticated each 
time a new communications session is initiated so that 
the gateway is completely transparent to an
authenticated source.

34. A computer system for providing a secure gateway 
between a private network and a potentially hostile network 
as claimed in claim 33 wherein the user authentication file 
includes a creation time variable which is set to a system 
time value when the user is authenticated. 
35. A computer system for providing a secure gateway
between a private network and a potentially hostile network 
as claimed in claim 34 wherein the system further includes: 

a) means for updating a modification time variable of the 
authentication file each time the user initiates a new 
communications session through the gateway station. 

36. A computer system for providing a secure gateway 
between a private network and a potentially hostile network 
as claimed in claim 35 wherein the system further includes: 

a) means for periodically checking each user authentica- 
tion file to determine whether one of a first difference 
between the authentication time variable and the sys- 
tem time and a second difference between the modifi- 
cation time variable and the system time has exceeded 
a predefined threshold; and 

b) means for deleting the user file from the user authen- 
tication directory if the threshold has been exceeded by 
each of the first and second differences. 

37. A computer system for providing a secure gateway 
between a private network and potentially hostile network as 
claimed in claim 29 wherein the system further includes: 

a) means for performing a data sensitivity check on the 
data associated with each packet as a step in the process 
of moving the data between the respective first and 
second communications sessions. 

38. A computer-readable memory encoded with com- 
puter-readable instructions for providing a secure gateway 
between a private network and a potentially hostile network, 
comprising: 

a) instructions for accepting from either network all 
communications packets that are encapsulated with a 
hardware destination address which matches the device
address of the gateway; 

b) instructions for determining whether there is a process 
bound to a destination port number of an accepted
communications packet; 

c) instructions for transparently establishing a first com- 
munications session with a source address/source port 
of the accepted communications packet if there is a 
process bound to the destination port number, else 
dropping the packet; 

d) instructions for transparently establishing, without 
intervention from the source, a second communications 
session with a destination address/destination port of 
the accepted communications packet if a first commu- 
nications session is established; and 

e) instructions for transparently moving data associated 
with each subsequent communications packet between 
the respective first and second communications ses- 
sions, whereby the first session communicates with the 
source and the second session communicates with the 
destination using the data moved between the first and 
second sessions. 

39. A computer readable memory as claimed in claim 38 
wherein the computer readable memory comprises at least 
one compact disk. 

40. A computer readable memory as claimed in claim 38 
wherein the computer readable memory comprises at least 
one floppy diskette. 

41. A computer readable memory as claimed in claim 38 
wherein the computer readable memory comprises at least 
one hard disk drive. 

* * * * * 
Abstract of JP11306095

PROBLEM TO BE SOLVED: To provide a data processor which
detects abnormal DMA data transfer before the data are
destroyed by its execution, has the abnormal data transfer
stopped and can avoid destruction of the data or system down.

SOLUTION: A trigger condition set means 145 refers to a state
flag which indicates whether an address monitoring mechanism
111 is transferring DMA or not and a DMA device 125 sets an
address of a DMA transferred party + a transfer size + 1 in a
trigger condition set register 115. The DMA device 125 sets
the state flag during transferring. When a trigger exception
occurs during DMA transfer, an address monitoring mechanism
interruption handler 145 forces DMA transfer to be completed,
sets the state flag to be transfer completion and issues a
signal. When a trigger condition set means 140 receives the
signal, it refers to the state flag and clears the address
monitoring mechanism 110.






Data supplied from the esp@cenet database - Worldwide 



http://v3.espacenet.com/textdoc?DB=EPODOC&IDX=JP11306095&F=0 



6/21/2006 



Set   Items     Description
S1    208989    S ATTACK? OR ANOMAL? OR ABNORMAL?
S2    162269    S OVERFLOW? OR FLOOD? OR SYNFLOOD? OR VIRUS? OR WORM? ? OR
                TROJAN () HORSE? OR MALWARE? OR MALICIOUS () CODE?
S3    23144     S DENIAL? (2W) SERVICE? OR INTRUSION? OR MALICIOUS? OR
                HOSTILE? OR OVERWHELM? OR SWAMP?
S4    277722    S SUSPICIOUS? OR (ABNORM? OR ANOMAL?) (2N)ACTIVIT? OR HACK? OR
                PENETRAT? OR ATTACK? OR VIOLAT? OR UNAUTHORI?
S5    2514425   S MONITOR? OR TRANSDUCE? OR TRANSDUCING? OR SENSING? OR
                DETECT? ? OR DETECTION? OR DETECTED OR DETECTING
S6    1338414   S TRACK? OR AUDIT? OR POLL? OR INTERROGAT? OR PING? OR TEST?
                OR SURVEY?
S7    1688748   S SURVEILL? OR INSPECT? OR QUIZ? OR EVALUAT? OR ASSESS? OR
                ASCERTAIN? OR MEASUR?
S8    1561527   S IDENTIF? OR DISCOVER? OR FIND? OR LOCAT? OR PINPOINT? OR
                SPOT? ? OR SPOTTING? OR SPOTTED
S9    713229    S RECOGN? OR PERCEIV? OR DISCERN? OR EXPOSE? OR EXPOSING OR
                FERRET? OR UNCOVER?
S10   119938    S S1:S4 (10N)S5:S9
S11   27414     S INHIBIT? OR STOP? OR TERMINAT? OR END OR ENDS OR ENDED OR
                ENDING?
S12   629       S CEASE? OR CEASING OR CESSATION? OR ARREST? OR SHUT? () DOWN?
S13   1889      S SHUT? () DOWN? OR SHUTDOWN? OR DISABL? OR DISCONTINU? OR
                DEACTIVAT? OR HALT?
S14   2552      S "NOT" ()ENABL? OR SUSPEND? OR SUSPENSION? OR CANCEL?
S15   6909      S AUTODISABL? OR NOGO OR NO () GO OR OFFSTATE? OR OFF () STATE?
                OR INTERRUPT? OR TURNOFF? OR (TURN? OR SWITCH? OR SHUT?)()OFF
S16   25285     S ROUTE? OR ROUTING? OR SEND? OR BROADCAST? OR TRANSMIT? OR
                TRANSMISSION?
S17   8137      S FORWARD? OR DISEMINAT? OR DISSEMINAT? OR DISPATCH? OR
                FORWARD? OR TRANSLOCAT? OR TRANSPORT?
S18   9042      S ADDRESS? OR RETURNADDRESS? OR LOCATION? OR LOCALE? OR
                LOCALIT? OR SITE? ? OR WEBADDRESS? OR URL OR URLADDRESS?
S19   5148      S REGION? ? OR SECTOR? ? OR MACADDRESS? OR IPADDRESS? OR
                NAT? ? OR WEBSITE?
S20   7         S (WEB OR WORLD () WIDE () WEB OR ONLINE OR INTERNET OR LAN? ?
                OR WAN? ?) () (11 OR IDENTIF? OR IDS)
S21   14474     S ROUTER? OR SWITCH?
S22   111       S (ROUTING OR SWITCHING) () (DEVICE? OR UNIT? OR APPARATUS? OR
                FIREWALL? OR PROXY? OR SERVER?)
S23   402       S (ROUTING OR SWITCHING) () (UNIT? OR MODULE? OR COMPONENT? OR
                HARDWARE? OR HUB? ? OR NODE?)
S24   5779      S NETWORK? OR LAN OR WAN OR LANS OR WANS OR ETHERNET? OR
                INTRANET? OR EXTRANET? OR VPN? *?
S25   1648      S WEB OR (COMMUNICAT? OR TELECOM? OR TELCOM? OR TELNET?) ()
                SYSTEM?
S26   13994     S IC=G06F?
S27   11858     S MC=T01?
S28   34594     S S10 AND S20:S27
S29   36        S S28 AND S11:S15 (6N)S16:S17 (6N)S18:S20
S30   66        S S10 AND S11:S15 (5N)S16:S17 (5N)S18:S20
S31   52        S S30 AND S1:S4 (5N) S5:S9
S32   73        S S29:S31
S33   16        S S32 AND AC=US/PR
S34   13        S S33 AND AY=(1970:2000)/PR
S35   12        S S33 NOT AY=(2001:2006)/PR
S36   57        S S32 NOT S33
S37   37        S S36 AND PY=1970:2000
S38   36        S S36 NOT PY=2001:2006
S39   50        S S34:S35 OR S37:S38
S40   50        ID PAT (sorted in duplicate/non-duplicate order)

; show files







[File 347] JAPIO Dec 1976-2005/Dec(Updated 060404) 
(c) 2006 JPO & JAPIO. All rights reserved. 

[File 350] Derwent WPIX 1963-2006/UD,UM &UP=200639 
(c) 2006 The Thomson Corp. All rights reserved. 

*File 350: Preview the enhanced DWPI through ONTAP DWPI (File 280). For more information, visit 
http://www.dialog.com/dwpi/. 



Set Items Description 

S1 1359772 S ATTACK? OR ANOMAL? OR ABNORMAL? 

S2 998419 S OVERFLOW? OR FLOOD? OR SYNFLOOD? OR VIRUS? OR WORM? ? OR TROJAN()HORSE? 
OR MALWARE? OR MALICIOUS()CODE? 

S3 136889 S DENIAL? (2W) SERVICE? OR INTRUSION? OR MALICIOUS? OR HOSTILE? OR 
OVERWHELM? OR SWAMP? 

S4 768086 S SUSPICIOUS? OR (ABNORM? OR ANOMAL?) (2N)ACTIVIT? OR HACK? OR PENETRAT? OR 
ATTACK? OR VIOLAT? OR UNAUTHORI? 

S5 4539501 S MONITOR? OR TRANSDUCE? OR TRANSDUCING? OR SENSING? OR DETECT? ? OR 
DETECTION? OR DETECTED OR DETECTING 

S6 9200986 S TRACK? OR AUDIT? OR POLL? OR INTERROGAT? OR PING? OR TEST? OR SURVEY? 

S7 14086580 S SURVEILL? OR INSPECT? OR QUIZ? OR EVALUAT? OR ASSESS? OR ASCERTAIN? OR 
MEASUR? 

S8 7120641 S IDENTIF? OR DISCOVER? OR FIND? OR LOCAT? OR PINPOINT? OR SPOT? ? OR 
SPOTTING? OR SPOTTED 

S9 2084886 S RECOGN? OR PERCEIV? OR DISCERN? OR EXPOSE? OR EXPOSING OR FERRET? OR 
UNCOVER? 

S10 510971 S S1:S4 (10N)S5:S9 

S11 45424 S INHIBIT? OR STOP? OR TERMINAT? OR END OR ENDS OR ENDED OR ENDING? 

S12 3452 S CEASE? OR CEASING OR CESSATION? OR ARREST? OR SHUT?()DOWN? 

S13 5364 S SHUT?()DOWN? OR SHUTDOWN? OR DISABL? OR DISCONTINU? OR DEACTIVAT? OR 
HALT? 

S14 5023 S "NOT"()ENABL? OR SUSPEND? OR SUSPENSION? OR CANCEL? 

S15 1821 S AUTODISABL? OR NOGO OR NO()GO OR OFFSTATE? OR OFF()STATE? OR INTERRUPT? 
OR TURNOFF? OR (TURN? OR SWITCH? OR SHUT?)()OFF 

S16 40274 S ROUTE? OR ROUTING? OR SEND? OR BROADCAST? OR TRANSMIT? OR TRANSMISSION? 

S17 27138 S FORWARD? OR DISEMINAT? OR DISSEMINAT? OR DISPATCH? OR FORWARD? OR 
TRANSLOCAT? OR TRANSPORT? 

S18 62125 S ADDRESS? OR RETURNADDRESS? OR LOCATION? OR LOCALE? OR LOCALIT? OR SITE? 
? OR WEBADDRESS? OR URL OR URLADDRESS? 

S19 53135 S REGION? ? OR SECTOR? ? OR MACADDRESS? OR IPADDRESS? OR NAT? ? OR 
WEBSITE? 

S20 22 S (WEB OR WORLD()WIDE()WEB OR ONLINE OR INTERNET OR LAN? ? OR WAN? ?)()(ID 
OR IDENTIF? OR IDS) 

S21 4311 S ROUTER? OR SWITCH? 

S22 34 S (ROUTING OR SWITCHING)()(DEVICE? OR UNIT? OR APPARATUS? OR FIREWALL? OR 
PROXY? OR SERVER?) 

S23 21 S (ROUTING OR SWITCHING)()(UNIT? OR MODULE? OR COMPONENT? OR HARDWARE? OR 
HUB? ? OR NODE?) 

S24 23685 S NETWORK? OR LAN OR WAN OR LANS OR WANS OR ETHERNET? OR INTRANET? OR 
EXTRANET? OR VPN? ? 

S25 4321 S WEB OR (COMMUNICAT? OR TELECOM? OR TELCOM? OR TELNET?)()SYSTEM? 

S26 28483 S S10 AND S1:S4 (10N)S5:S9 AND S20:S25 

S27 9 S S26 AND S11:S15 (5N)S16:S17 (5N)S18:S20 

S28 31 S S11:S15 (5N)S16:S17 (5N)S18:S20 AND S10 AND S1:S4 (5N)S5:S9 

S29 32 S S27:S28 

S30 13 S S29 AND PY=1970:2000 

S31 13 S S29 NOT PY=2001:2006 

S32 13 S S30:S31 

S33 13 RD (unique items) 
; show files 



[File 2] INSPEC 1898-2006/Jun W2 
(c) 2006 Institution of Electrical Engineers. All rights reserved. 

[File 6] NTIS 1964-2006/Jun W2 
(c) 2006 NTIS, Intl Cpyrght All Rights Res. All rights reserved. 

[File 8] Ei Compendex(R) 1970-2006/Jun W2 
(c) 2006 Elsevier Eng. Info. Inc. All rights reserved. 

[File 34] SciSearch(R) Cited Ref Sci 1990-2006/Jun W3 
(c) 2006 Inst for Sci Info. All rights reserved. 

[File 35] Dissertation Abs Online 1861-2006/Jun 
(c) 2006 ProQuest Info&Learning. All rights reserved. 

[File 56] Computer and Information Systems Abstracts 1966-2006/Jun 
(c) 2006 CSA. All rights reserved. 

[File 60] ANTE: Abstracts in New Tech & Engineer 1966-2006/Jun 
(c) 2006 CSA. All rights reserved. 

[File 65] Inside Conferences 1993-2006/Jun 21 
(c) 2006 BLDSC all rts. reserv. All rights reserved. 

[File 94] JICST-EPlus 1985-2006/Mar W3 
(c) 2006 Japan Science and Tech Corp(JST). All rights reserved. 

[File 99] Wilson Appl. Sci & Tech Abs 1983-2006/May 
(c) 2006 The HW Wilson Co. All rights reserved. 

[File 111] TGG Natl.Newspaper Index(SM) 1979-2006/Jun 12 
(c) 2006 The Gale Group. All rights reserved. 

[File 144] Pascal 1973-2006/May W4 
(c) 2006 INIST/CNRS. All rights reserved. 

[File 239] Mathsci 1940-2006/Jul 
(c) 2006 American Mathematical Society. All rights reserved. 

[File 256] TecInfoSource 82-2006/Aug 
(c) 2006 Info. Sources Inc. All rights reserved. 



40/3,K/13 (Item 13 from file: 350) 
Derwent WPIX 
(c) 2006 The Thomson Corp. All rights reserved. 

010646685 **Image available** 
WPI Acc No: 1996-143639/199615 
XRPX Acc No: N96-120414 

Interrupt processing system for abnormal microcomputer 
operation - has occupancy monitoring circuit that detects undesired 
signal, interrupts CPU and sends halt notification 
signal suspending CPU access address space operation 

Patent Assignee: HITACHI CHUBU SOFTWARE KK (HITA-N) ; HITACHI LTD (HITA 
Number of Countries: 001 Number of Patents: 001 
Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

JP 8030491 A 19960202 JP 94160940 A 19940713 199615 B 

Priority Applications (No Type Date) : JP 94160940 A 19940713 
Patent Details: 

Patent No Kind Lan Pg Main IPC Filing Notes 
JP 8030491 A 4 G06F-011/30 



has occupancy monitoring circuit that detects undesired 
signal, interrupts CPU and sends halt notification 
signal suspending CPU access address space operation 

...Abstract (Basic): The bus end signal loops back to the bus controlle 
The occupancy time monitoring circuit detects an 
undesired signal that causes abnormality to central processor 
operation which in turn sends a time out notification signal 
(la) and suspends the access address space operation of 
the central processor. . . 
International Patent Class (Main) : G06F-011/30 
International Patent Class (Additional): G06F-013/00 . . . 

. . .G06F-013/36 

Manual Codes (EPI/S-X) : T01-G05C... 
Abstract of JP8030491 

PURPOSE: To improve RAS by abnormality 
processing by a time-out on a new system bus 
by making an address, which causes the time-out 
of a system bus, distinctive between a 
mounted space and an unmounted space by a 
microprogram and performing the abnormality 
processing. CONSTITUTION: To discriminate 
whether the time-out reported to a central 
processor 11 is a time-out due to a fault of an 
IO in the mounted space or a time-out 
originating from actuation to the unmounted 
space, the microprogram discriminates 
whether the address at the time of the time-out 
occurrence is in the mounted space. When the 
address is in the unmounted space, the 
abnormality processing is not performed, 
similarly to software which supports a 
nonresponse type bus 16, to make the software 
compatible. When the address is in the 
mounted space, on the other hand, the 
abnormality processing is performed to know 
the fault etc., of a response type system bus 
14FI/0 with a time-out report signal, thereby 
improving the RAS. 